Уязвимость CVE-2019-7317: Информация

Описание

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

Важность: MEDIUM (5,3) Вектор: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2019-7317

Опубликовано: 4 февраля 2019 г.

Изменено: 23 мая 2022 г.

Идентификатор типа ошибки: CWE-416

Исправленные пакеты

Имя пакета	Ветка	Исправлено в версии	Версия в репозитории	Errata ID	№ Задания	Состояние
MySQL	sisyphus	8.0.23-alt1	8.0.37-alt1.1	ALT-PU-2021-1338-1	266017	Исправлено
MySQL	sisyphus_riscv64	8.0.27-alt1.0.rv64	8.0.30-alt0.2.rv64	ALT-PU-2021-4503-1	-	Исправлено
MySQL	p10	8.0.23-alt1	8.0.36-alt1	ALT-PU-2021-1338-1	266017	Исправлено
MySQL	p9	8.0.25-alt2	8.0.26-alt2	ALT-PU-2021-2380-1	277424	Исправлено
MySQL	c10f1	8.0.23-alt1	8.0.36-alt1	ALT-PU-2021-1338-1	266017	Исправлено
MySQL	c9f2	8.0.26-alt2	8.0.36-alt0.c9.1	ALT-PU-2021-3668-1	291746	Исправлено
firefox	sisyphus	67.0-alt1	126.0-alt2	ALT-PU-2019-1941-1	231216	Исправлено
firefox	p10	67.0-alt1	118.0.2-alt0.p10.1	ALT-PU-2019-1941-1	231216	Исправлено
firefox	p9	67.0-alt1	105.0.1-alt0.c9.1	ALT-PU-2019-1941-1	231216	Исправлено
firefox	p8	68.0.1-alt0.M80P.1	68.0.1-alt0.M80P.1	ALT-PU-2019-2938-1	236175	Исправлено
firefox	c10f1	67.0-alt1	112.0.2-alt0.p10.1	ALT-PU-2019-1941-1	231216	Исправлено
firefox	c7	60.7.0-alt0.M70C.1	60.8.0-alt0.M70C.1	ALT-PU-2019-2035-1	231641	Исправлено
firefox-esr	p8	60.7.0-alt0.M80P.1	68.4.1-alt0.M80P.1	ALT-PU-2019-1903-1	229794	Исправлено
libpng16	sisyphus	1.6.37-alt1	1.6.42-alt2	ALT-PU-2019-2547-1	236677	Исправлено
libpng16	p10	1.6.37-alt1	1.6.37-alt1	ALT-PU-2019-2547-1	236677	Исправлено
libpng16	c10f1	1.6.37-alt1	1.6.37-alt1	ALT-PU-2019-2547-1	236677	Исправлено
thunderbird	p8	60.7.2-alt0.M80P.1	60.8.0-alt0.M80P.1	ALT-PU-2019-2196-1	216874	Исправлено
thunderbird	c7	60.8.0-alt0.M70C.1	60.8.0-alt0.M70C.1	ALT-PU-2019-2345-1	234994	Исправлено

Ссылки на рекомендации, решения и инструменты

Ссылка	Ресурс
https://github.com/glennrp/libpng/issues/275	Exploit Issue Tracking Third Party Advisory
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803	Issue Tracking Mailing List Third Party Advisory
20190417 [slackware-security] libpng (SSA:2019-107-01)	Issue Tracking Mailing List Third Party Advisory
http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html	VDB Entry Third Party Advisory
DSA-4435	Third Party Advisory
20190429 [SECURITY] [DSA 4435-1] libpng1.6 security update	Issue Tracking Mailing List Third Party Advisory
USN-3962-1	Third Party Advisory
USN-3991-1	Third Party Advisory
20190522 [slackware-security] mozilla-firefox (SSA:2019-141-01)	Issue Tracking Mailing List Third Party Advisory
20190523 [SECURITY] [DSA 4448-1] firefox-esr security update	Issue Tracking Mailing List Third Party Advisory
DSA-4448	Third Party Advisory
[debian-lts-announce] 20190523 [SECURITY] [DLA 1800-1] firefox-esr security update	Mailing List Third Party Advisory
RHSA-2019:1265	Third Party Advisory
RHSA-2019:1269	Third Party Advisory
RHSA-2019:1267	Third Party Advisory
DSA-4451	Third Party Advisory
20190527 [SECURITY] [DSA 4451-1] thunderbird security update	Issue Tracking Mailing List Third Party Advisory
[debian-lts-announce] 20190527 [SECURITY] [DLA 1806-1] thunderbird security update	Mailing List Third Party Advisory
USN-3997-1	Third Party Advisory
openSUSE-SU-2019:1484	Third Party Advisory
RHSA-2019:1310	Third Party Advisory
RHSA-2019:1309	Third Party Advisory
RHSA-2019:1308	Third Party Advisory
openSUSE-SU-2019:1534	Mailing List Third Party Advisory
openSUSE-SU-2019:1664	Mailing List Third Party Advisory
108098	Not Applicable Third Party Advisory VDB Entry
https://security.netapp.com/advisory/ntap-20190719-0005/	Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	Patch Third Party Advisory
USN-4080-1	Third Party Advisory
USN-4083-1	Third Party Advisory
GLSA-201908-02	Third Party Advisory
RHSA-2019:2494	Third Party Advisory
RHSA-2019:2495	Third Party Advisory
openSUSE-SU-2019:1912	Mailing List Third Party Advisory
openSUSE-SU-2019:1916	Mailing List Third Party Advisory
RHSA-2019:2585	Third Party Advisory
RHSA-2019:2590	Third Party Advisory
RHSA-2019:2592	Third Party Advisory
RHSA-2019:2737	Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us	Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html	Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html	Third Party Advisory

Подверженные конфигурации:
1. Конфигурация 1
  cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*
  Start including
  1.6.0
  End excliding
  1.6.37
  
  Конфигурация 2
  cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  
  Конфигурация 3
  cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:*:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
  
  Конфигурация 4
  cpe:2.3:a:oracle:jdk:11.0.3:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:jdk:12.0.1:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:java_se:8u212:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:java_se:7u221:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
  End excliding
  8.0.23
  cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.6.0:*:*:*:*:*:*:*
  
  Конфигурация 5
  cpe:2.3:a:hpe:xp7_command_view_advanced_edition_suite:*:*:*:*:*:*:*:*
  End excliding
  8.7.0-00
  cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*
  End excliding
  8.7.0-00
  
  Конфигурация 6
  cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*
  cpe:2.3:a:mozilla:firefox_esr:-:*:*:*:*:*:*:*
  
  Конфигурация 7
  cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
  cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
  cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
  
  Конфигурация 8
  cpe:2.3:a:opensuse:package_hub:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*
  
  Конфигурация 9
  cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vcenter:*:*
  cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:sap:*:*
  End excliding
  3.4.2
  cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:oracle:*:*
  End excliding
  3.4.2
  cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:snapmanager:3.4.2:p1:*:*:*:sap:*:*
  cpe:2.3:a:netapp:snapmanager:3.4.2:p1:*:*:*:oracle:*:*
  cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:vmware_vsphere:*:*
  cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
  End excliding
  9.6
  cpe:2.3:a:netapp:e-series_santricity_storage_manager:*:*:*:*:*:*:*:*
  End excliding
  11.53
  cpe:2.3:a:netapp:oncommand_insight:*:*:*:*:*:*:*:*
  End excliding
  7.3.9
  cpe:2.3:a:netapp:e-series_santricity_unified_manager:*:*:*:*:*:*:*:*
  End excliding
  3.2
  cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
  End excliding
  9.6
  cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:windows:*:*
  cpe:2.3:a:netapp:oncommand_workflow_automation:*:*:*:*:*:*:*:*
  End excliding
  5.1
  cpe:2.3:a:netapp:e-series_santricity_web_services:*:*:*:*:*:web_services_proxy:*:*
  End excliding
  4.0
  
  Конфигурация 10
  cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*
  cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*

Версия: v24.5.1

Наверх

Уязвимость CVE-2019-7317: Информация

Описание

Исправленные пакеты

Ссылки на рекомендации, решения и инструменты

Конфигурация 1

Конфигурация 2

Конфигурация 3

Конфигурация 4

Конфигурация 5

Конфигурация 6

Конфигурация 7

Конфигурация 8

Конфигурация 9

Конфигурация 10